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16. (Previously Presented) A method for monitoring a security parameter for 
a network by tracking changes to the contents of system files, the network having a first 
and a second server, the first server having a transport mechanism communicatively 
connected to the second server, the method comprising the steps of: 

monitoring at one or more times for changes to a firewall policy; 
collecting on the first server the changes to the firewall policy; 
storing the changes to the firewall policy on the first server; 
compiling a history of the changes to the firewall policy on the first server; 
reporting the history of the firewall policy changes; and 
the second server performing other networking tasks concurrently with the steps 
of collecting, storing, compiling, or reporting. 

17. (Previously Presented) The method of step 16, fiirther comprising the 
steps of: 

monitoring whether a change is an approved change; and 

archiving changes into a first report, the report identifying approved changes. 

1 8. (Original) The method of claim 1 7 further comprising the steps of: 
monitoring information on an administrator of a networking policy change; 
collecting information on the administrator of the networking policy changes; 
archiving one or more sets of information on the administrator; and 
compiling the one or more sets of information on the administrator of the 

networking policy changes, the user able to view the compiled information in a format 
determinable by the user. 

19. (Original) The method of claim 18 further comprising the steps of: 
monitoring the time of the administrator's networking policy changes; 
collecting the time of the administrator's networking policy changes; 
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archiving one or more sets of times of the administrator's networking policy 
changes; and 

compiling the one or more sets of time of the administrator's networking policy 
changes, the user able to view the compiled time in a format determinable by the user. 

20. (Original) The method of claim 19 further comprising the steps of: 
collecting the firewall policy change that is pushed to the firewall policy; 
archiving one or more sets of firewall policy information that is pushed to the 
firewall policy; and 

compiling the one or more sets of firewall policy information that is pushed to the 
firewall policy, the user able to view the compiled firewall policy information 
that is pushed in a format determinable by the user. 

21 . (Previously Presented) The method of claim 20 further comprising the 
steps of: 

establishing one or more baselines by an administrator for a system on the 
network; 

monitoring the one or more baselines established by an administrator; 
collecting information on changes to the one or more baselines into a baseline 

report; 

archiving one or more baseline reports of the changes; and 
compiling the one or more baseline reports, the user able to view the compiled 
information in a format determinable by the user. 
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22. (Previously Presented) The method of claim 21 further comprising the 
steps of: 

monitoring one or more operating system*s file integrity on the network; 
collecting information on changes to the one or more operating system's file 
integrity into a file integrity report; 
archiving the one or more file integrity reports; and 
compiling the one or more file integrity reports, the user able to view the 
compiled information in a format determinable by the user. 

23. (Previously Presented) The method of claim 22 further comprising the 
steps of: 

monitoring a Web server's configuration file; 

collecting information on changes to the Web server's configuration file into a 

Web Server's configuration report; 

archiving the one or more Web Server's configuration reports; and 
compiling the one or more Web Server's configuration reports, the user able to 

view the compiled information in a format determinable by the user. 

24. (Previously Presented) The method of claim 23 further comprising the 
steps of: 

monitoring a proxy server's configuration file; 

collecting information on changes to the proxy server's configuration file into a 

proxy server's configuration file report; 

archiving the one or more proxy server's configuration file reports; and 
compiling the one or more proxy server's configuration file reports, the user able 

to view the compiled information in a format determinable by the user. 
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25. (Previously Presented) The method of claim 24 further comprising the 
steps of: 

monitoring a user's password strength; 

collecting information on the password's strength into a password strength report; 
archiving the one or more password strength report; and 
compiling the one or more password strength report, the user able to view the 
compiled information in a format determinable by the user. 

26. (Previously Presented) The method of claim 25 further comprising the 
steps of: 

establishing one or more events that triggers an alert; 
monitoring for the one or more alert triggering events; 

providing an alert notice upon the occurrence of the one or more alert triggering 

event. 

27. (Original) The method of claim 26 further comprising the steps of: 
collecting information on the one or more alert triggering event into a alert report; 
archiving the one or more alerts reports; and 

compiling the one or more alert reports, the user able to view the compiled 
information in a format determinable by the user. 

28 (Original) The method of step 27 further comprising the step of: 
monitoring encrypted secure connections between the first and the one or more 
second servers. 
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29. (Withdrawn) A method for providing notice of system vulnerabilities to a 
system administrator, the method comprising the steps of: 

providing system users with one or more downloadable preconstructed baseline 
templates; 

providing mdSsum information for applications thereby allowing users use of 
preconstructed templates; 

providing means for notification to the user of software or hardware that contains 
a vulnerability; 

inserting an alert notice in the templates regarding the vulnerability; 
noting the alert notice in the template when a baseline engine is run; 
verifying a file version; and 
alerting an administrator of the vulnerability. 

30. (Withdrawn) A method for generating and gathering system configuration 
data for audits comprising the steps of: 

generating data on system configuration changes; 

generating statistical samplings of changes for comparison against certain 
predetermined criteria; and 

providing information on comparison data, average number of changes, or total 
changes made to a system administrator. 

3 1 . (Withdrawn) The method of claim 30 wherein the statistical samplings of 
changes are generated when the number of changes occurring are too numerous to verify 
manually. 

32. (Withdravm) The method of claim 30 fiirther comprising the step of 
generating a report on the total number of system changes for a given time period. 



6 



Docket Number: SIDROOIUSO 09/858,085 

33. (Withdrawn) A method of using a search module in a system to search for 
particular information comprising the steps of: 

storing all pre-determined system configuration information in a searchable 
central database; and 

finding actual system configuration information in any of a plurality of sub- 
systems monitored by the system, thereby allowing for quick resolution of configuration 
problems in large network environments by providing auditors with the ability to 
examine only information that is pertinent to the specific problem. 

34. (Withdrawn) A method for checking the validity of critical files 
comprising the steps of: 

triggering system execution; 

checking the mdSsum of one or more critical files; 

verifying the md5sum of the one or more critical files against a known value; 
continuing system execution only if the mdSsum matches the known value. 

35. (Previously Presented) A method for providing a security policy watch 
comprising the steps of: 

pre-configuring standard system alerts that adhere to preexisting corporate 
security policies; 

determining whether a firewall policy complies with pre-existing corporate 
security policies; and 

generating an alert when a firewall policy is determined not to comply. 

36. (Previously Presented) The method of claim 35 further comprising the 
step of determining whether a system is within certain predetermined corporate 
guidelines with respect to particular types of software packages, particular versions of 
specific software, particular hardware, or processor speed. 
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37. (Previously Presented) A method for monitoring changes made to systems 
comprising the steps of: 

recording information on scheduled system changes on a central server log; 

storing scheduled change information in a central database; 

detecting actual system changes when they are made to the system; 

transporting actual system change information to a central database; 

providing for comparison of scheduled change information and actual change 
information thereby allowing auditors to detect system change errors and system 
tampering. 
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